// Copyright (c) Open Enclave SDK contributors.
// Licensed under the MIT License.

/**
 * @file attestation/sgx/evidence.h
 *
 * This file defines macros and structures for SGX evidence format IDs and
 * claims.
 *
 * A number of SGX specific format IDs are defined for evidence generation
 * and verification.
 *
 * The API function oe_get_evidence() supports the values listed below in its
 * format_id parameter. The output evidence will be prefixed with an
 * oe_attestation_header if the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit in its
 * flags parameter is set.
 * - OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION
 * - OE_FORMAT_UUID_SGX_ECDSA
 * - OE_FORMAT_UUID_SGX_EPID_LINKABLE
 * - OE_FORMAT_UUID_SGX_EPID_UNLINKABLE
 *
 * The API function oe_verify_evidence() supports the values listed below in its
 * format_id parameter.
 * - NULL:
 *   + The input evidence is generated by oe_get_evidence(), with
 *     the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit set in its flags parameter.
 * - OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION:
 *   + The input evidence is generated by oe_get_evidence() for format
 *     OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION, with the
 *     OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit cleared in its flags parameter.
 * - OE_FORMAT_UUID_SGX_ECDSA:
 *   + The input evidence is generated by oe_get_evidence() for format
 *     OE_FORMAT_UUID_SGX_ECDSA, with the
 *     OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit cleared in its flags parameter.
 * - OE_FORMAT_UUID_LEGACY_REPORT_REMOTE:
 *   + The input evidence is an OE report generated by the legacy API function
 *     oe_get_report() with the OE_REPORT_FLAGS_REMOTE_ATTESTATION flag.
 * - OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA:
 *   + The input evidence is an SGX ECDSA quote generated by the
 *     Intel SGX SDK DCAP library, or the quote-ex library with algorithm ID
 *     SGX_QL_ALG_ECDSA_P256.
 *
 * The table below shows the structure of the evidence data for all the
 * supported SGX format IDs, as generated by an attester plugin or verified
 * by a verifier plugin.
 *
 * | Format ID | Evidence structure  |
 * | -- | - |
 * | OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION | [ oe_attestation_header ] <!--
 * --> \|\| SGX_report(hash) \|\| custom_claims_buffer |
 * | OE_FORMAT_UUID_SGX_ECDSA | [ oe_attestation_header ] \|\| <!--
 * --> SGX_ECDSA_quote(hash) \|\| custom_claims_buffer |
 * | OE_FORMAT_UUID_SGX_EPID_LINKABLE | [ oe_attestation_header ] \|\| <!--
 * --> SGX_EPID_linkable_quote(custom_claims_buffer) |
 * | OE_FORMAT_UUID_SGX_EPID_UNLINKABLE | [ oe_attestation_header ] \|\| <!--
 * --> SGX_EPID_unlinkable_quote(custom_claims_buffer) |
 * | OE_FORMAT_UUID_LEGACY_REPORT_REMOTE | oe_report_header (for remote <!--
 * --> attestation) \|\| SGX_ECDSA_quote(custom_claims_buffer) |
 * | OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA | <!--
 * --> SGX_ECDSA_quote(custom_claims_buffer) |
 *
 * In the above table:
 * - The optional header oe_attestation_header is a structure of type
 *   oe_attestation_header_t.
 * - For every format supported by oe_get_evidence(), the evidence
 *   will be prefixed with an oe_attestation_header when the
 *   OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit in its flags parameter is set.
 * - oe_report_header is the OE report header of type oe_report_header_t.
 * - hash is the SHA256 hash of the custom claims held in a flat buffer
 *   custom_claims_buffer.
 * - An SGX report (SGX_report(), of type sgx_report_t) or quote (SGX_*quote(),
 *   of type sgx_quote_t) embeds a flat buffer of 64 bytes for its SGX report
 *   data field. Depending on the format, this field holds either the hash of
 *   the custom claims, or the custom claims directly. In the table, the
 *   argument in parentheses names which of the two the field holds.
 */

#ifndef _OE_ATTESTATION_SGX_EVIDENCE_H
#define _OE_ATTESTATION_SGX_EVIDENCE_H

#include <openenclave/bits/defs.h>

OE_EXTERNC_BEGIN

/*
 * SGX evidence format IDs.
 *
 * Each macro below expands to a brace-enclosed list of 16 byte values. A
 * braced list is not an expression, so these macros can only be used where an
 * initializer is valid (for example, to initialize a 16-byte UUID object);
 * they cannot be compared or passed to a function directly.
 *
 * NOTE(review): when oe_verify_evidence() is called with a NULL format_id,
 * the format is presumably taken from the oe_attestation_header embedded in
 * the evidence, i.e. from data supplied with the evidence. A relying party
 * that requires one specific format should confirm how the selected format
 * is reported back, or pass the expected format ID explicitly.
 */

/**
 * Format ID for SGX ECDSA evidence. Listed in this file's overview for both
 * oe_get_evidence() and oe_verify_evidence().
 * Evidence structure:
 * [ oe_attestation_header ] || SGX_ECDSA_quote(hash) || custom_claims_buffer
 */
#define OE_FORMAT_UUID_SGX_ECDSA                                          \
    {                                                                     \
        0xa3, 0xa2, 0x1e, 0x87, 0x1b, 0x4d, 0x40, 0x14, 0xb7, 0x0a, 0xa1, \
            0x25, 0xd2, 0xfb, 0xcd, 0x8c                                  \
    }

/**
 * Format ID for an OE report generated by the legacy API function
 * oe_get_report() with the OE_REPORT_FLAGS_REMOTE_ATTESTATION flag. Listed in
 * this file's overview for oe_verify_evidence() only.
 * Evidence structure:
 * oe_report_header || SGX_ECDSA_quote(custom_claims_buffer)
 */
#define OE_FORMAT_UUID_LEGACY_REPORT_REMOTE                               \
    {                                                                     \
        0xc8, 0x30, 0x34, 0x54, 0xd9, 0x23, 0x4c, 0x2c, 0xa6, 0x91, 0xdf, \
            0x7d, 0xef, 0x46, 0x0a, 0x76                                  \
    }

/**
 * Format ID for a raw SGX ECDSA quote generated by the Intel SGX SDK DCAP
 * library, or the quote-ex library with algorithm ID SGX_QL_ALG_ECDSA_P256.
 * Listed in this file's overview for oe_verify_evidence() only. The evidence
 * carries no OE header.
 * Evidence structure: SGX_ECDSA_quote(custom_claims_buffer)
 */
#define OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA                                \
    {                                                                     \
        0x19, 0x23, 0xd9, 0x1e, 0x12, 0xd2, 0x4c, 0x72, 0xb2, 0x20, 0x25, \
            0xcd, 0x8d, 0xac, 0xe8, 0x71                                  \
    }

/**
 * Format ID for SGX local attestation evidence. Listed in this file's
 * overview for both oe_get_evidence() and oe_verify_evidence().
 * Evidence structure:
 * [ oe_attestation_header ] || SGX_report(hash) || custom_claims_buffer
 */
#define OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION                              \
    {                                                                     \
        0x09, 0x26, 0x8c, 0x33, 0x6e, 0x0b, 0x45, 0xe5, 0x8a, 0x27, 0x15, \
            0x64, 0x4d, 0x0e, 0xf8, 0x9a                                  \
    }

/**
 * Format ID for SGX EPID linkable evidence. Listed in this file's overview
 * for oe_get_evidence(); it is not among the format IDs listed there for
 * oe_verify_evidence().
 * Evidence structure:
 * [ oe_attestation_header ] || SGX_EPID_linkable_quote(custom_claims_buffer)
 */
#define OE_FORMAT_UUID_SGX_EPID_LINKABLE                                  \
    {                                                                     \
        0xf2, 0x28, 0xaa, 0x3f, 0xde, 0x4d, 0x49, 0xd3, 0x88, 0x4c, 0xb2, \
            0xaa, 0x87, 0xa5, 0x0d, 0xa6                                  \
    }

/**
 * Format ID for SGX EPID unlinkable evidence. Listed in this file's overview
 * for oe_get_evidence(); it is not among the format IDs listed there for
 * oe_verify_evidence().
 * Evidence structure:
 * [ oe_attestation_header ] || SGX_EPID_unlinkable_quote(custom_claims_buffer)
 */
#define OE_FORMAT_UUID_SGX_EPID_UNLINKABLE                                \
    {                                                                     \
        0x5c, 0x35, 0xd2, 0x90, 0xa2, 0xc2, 0x4c, 0x55, 0x9e, 0x13, 0x5a, \
            0xd7, 0x32, 0x74, 0x6c, 0x88                                  \
    }

/**
 * All-zero format ID. It is not among the format IDs this file's overview
 * lists for oe_get_evidence() or oe_verify_evidence().
 * NOTE(review): presumably a placeholder for an unset or unrecognized SGX
 * format -- confirm against the code that uses it.
 */
#define OE_FORMAT_UUID_SGX_UNKNOWN                                        \
    {                                                                     \
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
            0x00, 0x00, 0x00, 0x00, 0x00                                  \
    }

// SGX specific claims.
//
// Each OE_CLAIM_SGX_* macro below is the string name of a claim. The types and
// encodings of the claim values are not defined in this header.
//
// Required: SGX report body fields that every SGX quote verification should
// output.
// 1 boolean flag indicated by "sgx_misc_select_t"
#define OE_CLAIM_SGX_PF_GP_EXINFO_ENABLED "sgx_pf_gp_exit_info_enabled"
// NOTE(review): judging by its name, this claim is an identifier rather than
// a flag from "sgx_misc_select_t"; the comment above appears to cover only the
// first macro -- confirm.
#define OE_CLAIM_SGX_ISV_EXTENDED_PRODUCT_ID "sgx_isv_extended_product_id"
// 4 boolean flags indicated by "sgx_attributes_t"
#define OE_CLAIM_SGX_IS_MODE64BIT "sgx_is_mode64bit"
#define OE_CLAIM_SGX_HAS_PROVISION_KEY "sgx_has_provision_key"
#define OE_CLAIM_SGX_HAS_EINITTOKEN_KEY "sgx_has_einittoken_key"
#define OE_CLAIM_SGX_USES_KSS "sgx_uses_kss"
// Remaining required claims. NOTE(review): by their names these are IDs and
// security version numbers, not boolean flags -- confirm the value types.
#define OE_CLAIM_SGX_CONFIG_ID "sgx_config_id"
#define OE_CLAIM_SGX_CONFIG_SVN "sgx_config_svn"
#define OE_CLAIM_SGX_ISV_FAMILY_ID "sgx_isv_family_id"
#define OE_CLAIM_SGX_CPU_SVN "sgx_cpu_svn"
// Number of required claim names defined above (10 OE_CLAIM_SGX_* macros).
// This is a hand-maintained constant: update it whenever a required claim is
// added or removed.
#define OE_SGX_REQUIRED_CLAIMS_COUNT 10

/*
 * Optional: SGX Quote data
 */
// SGX quote verification collaterals.
#define OE_CLAIM_SGX_TCB_INFO "sgx_tcb_info"
#define OE_CLAIM_SGX_TCB_ISSUER_CHAIN "sgx_tcb_issuer_chain"
#define OE_CLAIM_SGX_PCK_CRL "sgx_pck_crl"
#define OE_CLAIM_SGX_ROOT_CA_CRL "sgx_root_ca_crl"
#define OE_CLAIM_SGX_CRL_ISSUER_CHAIN "sgx_crl_issuer_chain"
#define OE_CLAIM_SGX_QE_ID_INFO "sgx_qe_id_info"
#define OE_CLAIM_SGX_QE_ID_ISSUER_CHAIN "sgx_qe_id_issuer_chain"
// Number of collateral claim names defined above (7 macros).
#define OE_SGX_OPTIONAL_CLAIMS_SGX_COLLATERALS_COUNT 7
// SGX PCESVN.
#define OE_CLAIM_SGX_PCE_SVN "sgx_pce_svn"
// Total number of optional claim names: the 7 collaterals plus the PCESVN
// claim. Hand-maintained; keep in sync with the macros above.
#define OE_SGX_OPTIONAL_CLAIMS_COUNT 8

// Additional SGX specific claim: for the report data embedded in the SGX quote.
// It is defined after both counts above, and those counts match their lists
// without it, so it is included in neither.
// NOTE(review): per this file's overview, the report data field holds either
// the SHA256 hash of the custom claims or the custom claims themselves,
// depending on the evidence format; a consumer of this claim needs to know
// which format was verified before interpreting the value -- confirm against
// the verifier.

#define OE_CLAIM_SGX_REPORT_DATA "sgx_report_data"

/**
 * TCB level status of SGX platform. This enumeration type defines return codes
 * for SGX TCB status, which is the claim value for ::OE_CLAIM_TCB_STATUS.
 *
 * Only OE_SGX_TCB_STATUS_UP_TO_DATE describes a platform with nothing left to
 * address. Every other value describes a platform that is outdated, revoked,
 * in need of configuration, software hardening or a relaunch, or a TCB level
 * that is not valid. Which of these a relying party accepts is a policy
 * decision that this header does not make.
 *
 * OE_SGX_TCB_STATUS_UP_TO_DATE has the value 0, so a zero-initialized
 * oe_sgx_tcb_status_t reads as "up to date". Code that holds a status before
 * verification has produced one should initialize it to
 * OE_SGX_TCB_STATUS_INVALID, so that an unset value is not mistaken for a
 * good one.
 *
 * NOTE(review): this header does not show whether evidence verification
 * succeeds or fails for each status. Callers that enforce a TCB policy should
 * confirm that against the verifier and check the claim value explicitly.
 */
typedef enum _oe_sgx_tcb_status
{
    /**
     * TCB level of SGX platform is up-to-date.
     */
    OE_SGX_TCB_STATUS_UP_TO_DATE = 0,

    /**
     * TCB level of SGX platform is outdated.
     */
    OE_SGX_TCB_STATUS_OUT_OF_DATE = 1,

    /**
     * TCB level of SGX platform is revoked. The platform is not trustworthy.
     */
    OE_SGX_TCB_STATUS_REVOKED = 2,

    /**
     * TCB level of the SGX platform is up-to-date but additional configuration
     * of SGX platform may be needed.
     */
    OE_SGX_TCB_STATUS_CONFIGURATION_NEEDED = 3,

    /**
     * TCB level of SGX platform is outdated and additional configuration of SGX
     * platform may be needed.
     */
    OE_SGX_TCB_STATUS_OUT_OF_DATE_CONFIGURATION_NEEDED = 4,

    /**
     * TCB level of the SGX platform is up-to-date but due to certain issues
     * affecting the platform, additional Software Hardening in the attesting
     * SGX enclaves may be needed.
     */
    OE_SGX_TCB_STATUS_SW_HARDENING_NEEDED = 5,

    /**
     * TCB level of the SGX platform is up-to-date but additional configuration
     * for the platform and Software Hardening in the attesting SGX enclaves may
     * be needed.
     */
    OE_SGX_TCB_STATUS_CONFIGURATION_AND_SW_HARDENING_NEEDED = 6,

    /**
     * For TDX only. All components in the TD's TCB are at the latest level,
     * including the TDX module loaded by a TD Preserving update, but the TD
     * was launched and ran for some time with an out-of-date TDX module.
     * Relaunching or re-provisioning the TD is advised.
     */
    OE_SGX_TCB_STATUS_TD_RELAUNCH_ADVISED = 7,

    /**
     * The TDX platform firmware and TDX platform software are at the latest
     * security patching level but there are platform hardware configurations
     * that may expose the TD to vulnerabilities. In addition, the TD was
     * launched prior to the application of new TDX TCB components using a TD
     * Preserving update.
     */
    OE_SGX_TCB_STATUS_TD_RELAUNCH_ADVISED_CONFIG_NEEDED = 8,

    /**
     * TCB level is not valid.
     * OE_ENUM_MAX is not defined in this file; presumably it comes from
     * <openenclave/bits/defs.h>, the only header included here.
     */
    OE_SGX_TCB_STATUS_INVALID = OE_ENUM_MAX,

} oe_sgx_tcb_status_t;

OE_EXTERNC_END

#endif /* _OE_ATTESTATION_SGX_EVIDENCE_H */
